Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 3 of 3 12 3
 
LinkBack Thread Tools
Old 01-21-2008, 11:09 PM   #41 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
Interesting. I never go there, and almost alway use Firefox for my browser.

Works fine for me in Firefox. Does not in IE7 for me either. I see exactly what you're describing. So, I'm not sure it was malware related, though it coincides with the infection.

I'm thinking it may be a Flash Player issue, or something else blocking images.

It has been suggested to Uninstall the existing flash player, and then install the latest

http://kb.adobe.com/selfservice/view...4157&sliceId=2

http://www.adobe.com/shockwave/downl...ShockwaveFlash

I tried, and still no go for me.

Ask for help in the IE forum, and let me know what they come up with. In the meantime, install Firefox. I'll keep digging also, since I can't stand not knowing.

As far as your earlier question goes, whatever you feel comfortable with donating is perfect. Every little bit helps keep the forum free for all.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 01-22-2008, 08:29 PM   #42 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 30
OS: Windows XP Home SP2 V.5.1


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
Ran across another problem....

Can't get my printer going again. It's an HP PSC 1510 All In One. It quit when this malware problem started. All my printers are wiped out of my "printers" icon in control panel. When I turn it on (only one) It finds it but then I get a "cannot install" error citing the "RPC server is unavailable". I've checked in "Services" in both msconfig and administrative tools and it says it's running. I notice the print spooler is not and when I try to manually start it in administrative tools I get an error #1068: The dependancy service or group failed to start.

Any ideas there?
BunnMan is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2008, 08:42 PM   #43 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
Download and unzip this tool, and run it. Post the log it produces.

http://download.bleepingcomputer.com...a/querySvc.zip
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2008, 09:12 PM   #44 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 30
OS: Windows XP Home SP2 V.5.1


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 23:11:41
Windows 5.1.2600 Service Pack 2

scanning processes ...

System [4]
C:\WINDOWS\SYSTEM32\SMSS.EXE [588] 0x8228F640
C:\WINDOWS\SYSTEM32\CSRSS.EXE [636] 0x82411590
C:\WINDOWS\SYSTEM32\WINLOGON.EXE [660] 0x8225C1D8
C:\WINDOWS\SYSTEM32\SERVICES.EXE [704] 0x82559020
C:\WINDOWS\SYSTEM32\LSASS.EXE [716] 0x822E6020
C:\WINDOWS\SYSTEM32\ati2evxx.exe [884] 0x8228BBF8
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [900] 0x822C8020
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [972] 0x82303830
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [1068] 0x822E65A0
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [1192] 0x823143D8
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [1236] 0x824C2840
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe [1344] 0x822D99D8
C:\WINDOWS\explorer.exe [1732] 0x8196B4E0
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1852] 0x81932020
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [1880] 0x819315E8
C:\Program Files\Grisoft\AVG7\avgamsvr.exe [1908] 0x8176CDA0
C:\Program Files\Grisoft\AVG7\avgupsvc.exe [1952] 0x817ECC18
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe [1972] 0x81756DA0
C:\Program Files\Grisoft\AVG7\avgemc.exe [1988] 0x817FF748
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE [2028] 0x81762BE0
C:\WINDOWS\SYSTEM32\HPZipm12.exe [148] 0x81759A50
C:\Program Files\PurgeIE\PurgeIE_Service.exe [188] 0x81742700
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [348] 0x8175DA30
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe [412] 0x817F0660
C:\Program Files\HP\HP Software Update\hpwuschd2.exe [1036] 0x8172D638
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\ctsysvol.exe [1044] 0x817B5BE0
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [1184] 0x81941970
C:\WINDOWS\SYSTEM32\CTFMON.EXE [176] 0x822C2A20
C:\Program Files\Messenger\msmsgs.exe [228] 0x817AE668
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [236] 0x82391DA0
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [932] 0x824A4968
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\logitechdesktopmessenger.exe [1808] 0x823955E0
C:\WINDOWS\SYSTEM32\ALG.EXE [1544] 0x817B8020
C:\Program Files\Logitech\SetPoint\SetPoint.exe [1676] 0x8175E740
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE [1712] 0x8177D840
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe [2300] 0x817B2428
C:\Program Files\SpywareGuard\sgmain.exe [2352] 0x823436C0
C:\Program Files\SpywareGuard\sgbhp.exe [2440] 0x822A4410
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE [2456] 0x82423540
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe [2552] 0x822D1550
C:\Program Files\Internet Explorer\iexplore.exe [2876] 0x8239AA20
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn4\YTBSDK.exe [2972] 0x816F37B8
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe [3788] 0x8173F6B8
C:\Documents and Settings\Daddy\My Documents\querySvc.exe [3664] 0x816D4020
C:\WINDOWS\SYSTEM32\CMD.EXE [3908] 0x81802B28
C:\DOCUME~1\Daddy\LOCALS~1\Temp\RarSFX0\catchme.exe [820] 0x824FC678



------ Services [Running]

SERVICE_NAME: ALG
SERVICE_NAME: Apple Mobile Device
SERVICE_NAME: Ati HotKey Poller
SERVICE_NAME: AudioSrv
SERVICE_NAME: AVG Anti-Spyware Guard
SERVICE_NAME: Avg7Alrt
SERVICE_NAME: Avg7UpdSvc
SERVICE_NAME: AvgCoreSvc
SERVICE_NAME: AVGEMS
SERVICE_NAME: Browser
SERVICE_NAME: Creative Service for CDROM Access
SERVICE_NAME: CryptSvc
SERVICE_NAME: DcomLaunch
SERVICE_NAME: Dhcp
SERVICE_NAME: Dnscache
SERVICE_NAME: ERSvc
SERVICE_NAME: Eventlog
SERVICE_NAME: EventSystem
SERVICE_NAME: FastUserSwitchingCompatibility
SERVICE_NAME: helpsvc
SERVICE_NAME: lanmanserver
SERVICE_NAME: lanmanworkstation
SERVICE_NAME: LmHosts
SERVICE_NAME: Netman
SERVICE_NAME: Nla
SERVICE_NAME: PlugPlay
SERVICE_NAME: Pml Driver HPZ12
SERVICE_NAME: PolicyAgent
SERVICE_NAME: ProtectedStorage
SERVICE_NAME: PurgeIEservice
SERVICE_NAME: RasMan
SERVICE_NAME: RpcSs
SERVICE_NAME: SamSs
SERVICE_NAME: Schedule
SERVICE_NAME: seclogon
SERVICE_NAME: SENS
SERVICE_NAME: SharedAccess
SERVICE_NAME: ShellHWDetection
SERVICE_NAME: srservice
SERVICE_NAME: SSDPSRV
SERVICE_NAME: stisvc
SERVICE_NAME: TapiSrv
SERVICE_NAME: TermService
SERVICE_NAME: Themes
SERVICE_NAME: TrkWks
SERVICE_NAME: w32time
SERVICE_NAME: WebClient
SERVICE_NAME: winmgmt
SERVICE_NAME: WMDM PMSP Service
SERVICE_NAME: wscsvc
SERVICE_NAME: wuauserv
SERVICE_NAME: WZCSVC

------ Services [Stopped]

SERVICE_NAME: Alerter
SERVICE_NAME: AppMgmt
SERVICE_NAME: aspnet_state
SERVICE_NAME: ATI Smart
SERVICE_NAME: AVGFwSrv
SERVICE_NAME: BITS
SERVICE_NAME: CiSvc
SERVICE_NAME: ClipSrv
SERVICE_NAME: clr_optimization_v2.0.50727_32
SERVICE_NAME: COMSysApp
SERVICE_NAME: dmadmin
SERVICE_NAME: dmserver
SERVICE_NAME: Fax
SERVICE_NAME: HidServ
SERVICE_NAME: HTTPFilter
SERVICE_NAME: IDriverT
SERVICE_NAME: ImapiService
SERVICE_NAME: iPod Service
SERVICE_NAME: LexBceS
SERVICE_NAME: Messenger
SERVICE_NAME: mnmsrvc
SERVICE_NAME: MSDTC
SERVICE_NAME: MSIServer
SERVICE_NAME: NetDDE
SERVICE_NAME: NetDDEdsdm
SERVICE_NAME: Netlogon
SERVICE_NAME: NetSvc
SERVICE_NAME: NtLmSsp
SERVICE_NAME: NtmsSvc
SERVICE_NAME: RasAuto
SERVICE_NAME: RDSessMgr
SERVICE_NAME: RemoteAccess
SERVICE_NAME: RpcLocator
SERVICE_NAME: RSVP
SERVICE_NAME: SCardSvr
SERVICE_NAME: Spooler
SERVICE_NAME: SwPrv
SERVICE_NAME: SysmonLog
SERVICE_NAME: upnphost
SERVICE_NAME: UPS
SERVICE_NAME: VSS
SERVICE_NAME: WmdmPmSN
SERVICE_NAME: WmiApSrv
SERVICE_NAME: WMPNetworkSvc
SERVICE_NAME: WudfSvc
SERVICE_NAME: xmlprov

------ Drivers [Running]

SERVICE_NAME: abp480n5
SERVICE_NAME: ACPI
SERVICE_NAME: adpu160m
SERVICE_NAME: AFD
SERVICE_NAME: agp440
SERVICE_NAME: agpCPQ
SERVICE_NAME: Aha154x
SERVICE_NAME: aic78u2
SERVICE_NAME: aic78xx
SERVICE_NAME: AliIde
SERVICE_NAME: alim1541
SERVICE_NAME: amdagp
SERVICE_NAME: amsint
SERVICE_NAME: asc
SERVICE_NAME: asc3350p
SERVICE_NAME: asc3550
SERVICE_NAME: atapi
SERVICE_NAME: ati2mtag
SERVICE_NAME: audstub
SERVICE_NAME: AVG Anti-Spyware Driver
SERVICE_NAME: AvgAsCln
SERVICE_NAME: AvgClean
SERVICE_NAME: AvgMfx86
SERVICE_NAME: AvgTdi
SERVICE_NAME: Beep
SERVICE_NAME: catchme
SERVICE_NAME: cbidf
SERVICE_NAME: cd20xrnt
SERVICE_NAME: Cdfs
SERVICE_NAME: Cdrom
SERVICE_NAME: CmdIde
SERVICE_NAME: Cpqarray
SERVICE_NAME: ctsfm2k
SERVICE_NAME: dac2w2k
SERVICE_NAME: dac960nt
SERVICE_NAME: Disk
SERVICE_NAME: dpti2o
SERVICE_NAME: E100B
SERVICE_NAME: Fips
SERVICE_NAME: FltMgr
SERVICE_NAME: Ftdisk
SERVICE_NAME: GEARAspiWDM
SERVICE_NAME: Gpc
SERVICE_NAME: hpn
SERVICE_NAME: HPZid412
SERVICE_NAME: HPZipr12
SERVICE_NAME: HPZius12
SERVICE_NAME: HTTP
SERVICE_NAME: i2omgmt
SERVICE_NAME: i2omp
SERVICE_NAME: i8042prt
SERVICE_NAME: Imapi
SERVICE_NAME: ini910u
SERVICE_NAME: IntelC51
SERVICE_NAME: IntelC52
SERVICE_NAME: IntelC53
SERVICE_NAME: IntelIde
SERVICE_NAME: intelppm
SERVICE_NAME: IpFilterDriver
SERVICE_NAME: IpNat
SERVICE_NAME: IPSec
SERVICE_NAME: isapnp
SERVICE_NAME: Kbdclass
SERVICE_NAME: KSecDD
SERVICE_NAME: L8042Kbd
SERVICE_NAME: LHidKe
SERVICE_NAME: LHidUsbK
SERVICE_NAME: LMouKE
SERVICE_NAME: MCSTRM
SERVICE_NAME: mnmdd
SERVICE_NAME: Modem
SERVICE_NAME: MODEMCSA
SERVICE_NAME: mohfilt
SERVICE_NAME: Mouclass
SERVICE_NAME: mouhid
SERVICE_NAME: MountMgr
SERVICE_NAME: mraid35x
SERVICE_NAME: MRxDAV
SERVICE_NAME: MRxSmb
SERVICE_NAME: Msfs
SERVICE_NAME: mssmbios
SERVICE_NAME: Mup
SERVICE_NAME: Nbf
SERVICE_NAME: NDIS
SERVICE_NAME: NdisTapi
SERVICE_NAME: Ndisuio
SERVICE_NAME: NdisWan
SERVICE_NAME: NDProxy
SERVICE_NAME: NetBIOS
SERVICE_NAME: NetBT
SERVICE_NAME: Npfs
SERVICE_NAME: Ntfs
SERVICE_NAME: Null
SERVICE_NAME: omci
SERVICE_NAME: ossrv
SERVICE_NAME: P17
SERVICE_NAME: Parport
SERVICE_NAME: PartMgr
SERVICE_NAME: PCI
SERVICE_NAME: PCIIde
SERVICE_NAME: perc2
SERVICE_NAME: perc2hib
SERVICE_NAME: pfc
SERVICE_NAME: PfModNT
SERVICE_NAME: PptpMiniport
SERVICE_NAME: PSched
SERVICE_NAME: Ptilink
SERVICE_NAME: PxHelp20
SERVICE_NAME: ql1080
SERVICE_NAME: Ql10wnt
SERVICE_NAME: ql12160
SERVICE_NAME: ql1240
SERVICE_NAME: ql1280
SERVICE_NAME: RasAcd
SERVICE_NAME: Rasl2tp
SERVICE_NAME: RasPppoe
SERVICE_NAME: Raspti
SERVICE_NAME: Rdbss
SERVICE_NAME: RDPCDD
SERVICE_NAME: redbook
SERVICE_NAME: serenum
SERVICE_NAME: Serial
SERVICE_NAME: sisagp
SERVICE_NAME: Sparrow
SERVICE_NAME: sr
SERVICE_NAME: Srv
SERVICE_NAME: swenum
SERVICE_NAME: symc810
SERVICE_NAME: symc8xx
SERVICE_NAME: sym_hi
SERVICE_NAME: sym_u3
SERVICE_NAME: sysaudio
SERVICE_NAME: Tcpip
SERVICE_NAME: TermDD
SERVICE_NAME: TosIde
SERVICE_NAME: ultra
SERVICE_NAME: Update
SERVICE_NAME: usbccgp
SERVICE_NAME: usbehci
SERVICE_NAME: usbhub
SERVICE_NAME: usbprint
SERVICE_NAME: usbscan
SERVICE_NAME: usbuhci
SERVICE_NAME: VgaSave
SERVICE_NAME: viaagp
SERVICE_NAME: ViaIde
SERVICE_NAME: VolSnap
SERVICE_NAME: Wanarp
SERVICE_NAME: wdmaud
SERVICE_NAME: WmBEnum
SERVICE_NAME: WmXlCore

------ Drivers [Stopped]

SERVICE_NAME: Abiosdsk
SERVICE_NAME: ACPIEC
SERVICE_NAME: aec
SERVICE_NAME: AsyncMac
SERVICE_NAME: Atdisk
SERVICE_NAME: Atmarpc
SERVICE_NAME: bvrp_pci
SERVICE_NAME: cbidf2k
SERVICE_NAME: Cdaudio
SERVICE_NAME: Changer
SERVICE_NAME: dmboot
SERVICE_NAME: dmio
SERVICE_NAME: dmload
SERVICE_NAME: DMusic
SERVICE_NAME: drmkaud
SERVICE_NAME: Fastfat
SERVICE_NAME: Fdc
SERVICE_NAME: Flpydisk
SERVICE_NAME: gameenum
SERVICE_NAME: HidUsb
SERVICE_NAME: Ip6Fw
SERVICE_NAME: IpInIp
SERVICE_NAME: IRENUM
SERVICE_NAME: kbdhid
SERVICE_NAME: kmixer
SERVICE_NAME: lbrtfdc
SERVICE_NAME: mrtRate
SERVICE_NAME: MSKSSRV
SERVICE_NAME: MSPCLOCK
SERVICE_NAME: MSPQM
SERVICE_NAME: nv
SERVICE_NAME: NwlnkFlt
SERVICE_NAME: NwlnkFwd
SERVICE_NAME: PalmUSBD
SERVICE_NAME: ParVdm
SERVICE_NAME: PCIDump
SERVICE_NAME: Pcmcia
SERVICE_NAME: PDCOMP
SERVICE_NAME: PDFRAME
SERVICE_NAME: PDRELI
SERVICE_NAME: PDRFRAME
SERVICE_NAME: Point32
SERVICE_NAME: rdpdr
SERVICE_NAME: RDPWD
SERVICE_NAME: Secdrv
SERVICE_NAME: Sfloppy
SERVICE_NAME: Simbad
SERVICE_NAME: splitter
SERVICE_NAME: swmidi
SERVICE_NAME: TDPIPE
SERVICE_NAME: TDTCP
SERVICE_NAME: Udfs
SERVICE_NAME: USBAAPL
SERVICE_NAME: USBSTOR
SERVICE_NAME: wanatw
SERVICE_NAME: WDICA
SERVICE_NAME: WmFilter
SERVICE_NAME: WmVirHid
SERVICE_NAME: WpdUsb
SERVICE_NAME: WS2IFSL
SERVICE_NAME: WudfPf
SERVICE_NAME: WudfRd
BunnMan is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2008, 09:34 PM   #45 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
Open notepad and copy/paste the text in the quotebox below into it:

Quote:
regedit /a look.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost"
start notepad look.txt
Save this as peek.bat Choose to "Save type as - All Files"
It should look like this:
Double click on peek.bat & allow it to run. A notepad file will open. Copy that information into your next reply, please.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2008, 09:51 PM   #46 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 30
OS: Windows XP Home SP2 V.5.1


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"HTTPFilter"=hex(7):48,54,54,50,46,69,6c,74,65,72,00,00
"LocalService"=hex(7):41,6c,65,72,74,65,72,00,57,65,62,43,6c,69,65,6e,74,00,4c,\
6d,48,6f,73,74,73,00,52,65,6d,6f,74,65,52,65,67,69,73,74,72,79,00,75,70,6e,\
70,68,6f,73,74,00,53,53,44,50,53,52,56,00,00
"NetworkService"=hex(7):44,6e,73,43,61,63,68,65,00,00
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,42,49,54,53,00,77,75,61,75,73,65,\
72,76,00,53,68,65,6c,6c,48,57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,\
76,63,00,57,6d,64,6d,50,6d,53,4e,00,00
"DcomLaunch"=hex(7):44,63,6f,6d,4c,61,75,6e,63,68,00,54,65,72,6d,53,65,72,76,\
69,63,65,00,00
"rpcss"=hex(7):52,70,63,53,73,00,00
"imgsvc"=hex(7):53,74,69,53,76,63,00,00
"termsvcs"=hex(7):54,65,72,6d,53,65,72,76,69,63,65,00,00
"WudfServiceGroup"=hex(7):57,55,44,46,53,76,63,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00003020

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth]
"CoInitializeSecurityParam"=dword:00000002
"AuthenticationCapabilities"=dword:00000040

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008
BunnMan is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2008, 10:07 PM   #47 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
Ok, have you tried uninstalling the printer drivers and reinstalling them? (The software)

Or, were you just trying to install a new printer in Control Panel?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2008, 10:10 PM   #48 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 30
OS: Windows XP Home SP2 V.5.1


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
install new printer 'cause it's gone. Can't find anything to uninstall.
BunnMan is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2008, 10:12 PM   #49 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
The drivers, from Add/Remove programs if present.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2008, 11:29 PM   #50 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 30
OS: Windows XP Home SP2 V.5.1


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
killed all the hp stuff and tried re-install. Says print spooler needs to be fixed
BunnMan is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2008, 11:38 PM   #51 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
Try this:

1. Go to Start > Run and type in services.msc then press Enter.

2. In the window that opens find "Print Spooler" on the right

3. Right-click "Print Spooler" and select "Properties".

4. Click on the "Recovery" tab and change all 3 drop-down boxes to "Restart The Service".

5. Make sure the 2 text boxes underneath say "1" in them.

6. Click Ok until you are back at the Services window, close it.

7. Go back into the properties of the "Print Spooler" tab and be sure to click Start to restart the Print Spooler service and it will restart the service immediately.

==================================

See if the info on this page helps:

http://support.microsoft.com/kb/324757

If none of that works for you, I'm out of ideas, and you're better off asking in the Windows XP forum.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2008, 11:46 PM   #52 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
One more idea I found while trolling the net....

http://forums.microsoft.com/MSDN/Sho...37846&SiteID=1
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2008, 11:51 PM   #53 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
Was there once a Lexmark or Dell printer installed on this machine? I see a Lexmark driver, which seems to be problematic with regards to the spooler service.

Here's yet more info (old, but it seems it may apply in this case):

http://www.pcreview.co.uk/forums/thread-543973.php

http://members.shaw.ca/bsanders/CleanPrinterDrivers.htm
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-23-2008, 04:27 PM   #54 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 30
OS: Windows XP Home SP2 V.5.1


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
#52 did it, thanks again my friend!
BunnMan is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-23-2008, 05:49 PM   #55 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner
Excellent! Thanks for letting me know.

Happy Computing!
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 3 of 3 12 3

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 02:37 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85